• AWS Security

    Location US-VA-Ballston
    Posted Date 2 weeks ago(1/9/2019 7:33 PM)
    Job ID
    # Positions
    Experience (Years)
    Cyber Security
  • Overview

    The Cyber Engineer designs, develops, documents, analyzes, tests, integrates, debugs, conducts research and/or discovers and analyzes security flaws or vulnerabilities in software, networks, systems, applications and/or provide mitigation strategies. The Cyber Engineer ensures system security needs are established and maintained for various objects/matters. Integrates new architectural features into existing infrastructures, design cyber security architectural artifacts, provide architectural analysis of cyber security features and relate existing system to future needs and trends. Evaluates computer software and network for threats and/or malware Collects data from a variety of network security tools, including intrusion detection system alerts, firewall and network traffic logs, and host system logs to analyze events that occur within their environment. Employs and provides computer advanced forensic tools, techniques, and intrusion support for attack reconstruction and high technology investigations, while reviewing threat data from various sources. This position may also identify network computer intrusion evidence and perpetrators.


    • Analyze output from various security devices and malware and incident reports to improve detection of and to minimize future incidents
    • Assess and analyze system security to identify and mitigate risks and vulnerabilities
    • Recommend countermeasures to mitigate risks and vulnerabilities
    • Prepare documentation, including incident reports, security recommendations, etc.


    Active Top Secret clearance required

    • Eight (8) or more years of systems development experience required
      [A Master’s degree in a related discipline may substitute for two (2) years of experience. A PhD may substitute for four (4) years of experience.]

    • Bachelor’s degree in Information Security, Cyber Engineering or a related discipline is required
      [Ten (10) years of experience (for a total of eighteen (18) or more years) may be substituted for a degree.]

    Required skills include:

    • Experience leading an incident response team required
    • Perform attack reconstruction, review threat data and investigate security incidents to determine extent of intrusion and compromise to system and data
    • Provide computer forensic and intrusion support to high technology investigations in the form of computer evidence seizure, computer forensic analysis, data recovery, and network assessments
    • Auto-generate network traffic intelligence
    • Develop mitigation strategies, including influencing accessible assets and data flows (e.g. block behaviors, quarantine hosts and enclave, block and modify traffic)
    • Provide countermeasure recommendations and business cases based on standard security principles, policies, standards and industry best practices
    • Test and provision countermeasures
    • Mitigate attacks and threats by assessing the impact of countermeasures and response effects
    • Monitor and diagnose potential residual effects
    • Use encryption technology, penetration, risk management and vulnerability analysis of various security technologies and information technology security research
    • Gather data and formulate mitigation plans for effective and real-time incident response
    • Perform one or more of the following:
      • Malicious payload analysis, inspection of PCAP payload at the application layer
      • De-obfuscation; transform source or machine code to human-readable cost to assess script functionality
      • Botnet activity correlation: asses impact/ effect of software robots (i.e., ‘bots’) that run autonomously, automatically and/or undetected
    • Assist in identification and implementation of appropriate information security functionality
    • Serve as a subject matter expert for application security in support of programs
    • Produce reports and briefs to provide accurate depiction of threat landscape and associated risks
    • Experience with ArcSight required
    • Experience with one or more of the following is required: MS Visual Studio, Driver Development Kit, IdaPro, Windbg, SoftIce, OllyDbg, VMWare, etc.
    • Experience in intrusion detection and prevention systems (IDS/IPS), log analysis, malware analysis, network traffic flow and packet analysis
    • Experience with standard security principles, policies, standards and industry best practices
    • Experience with software development
    • Understanding of windows and UNIX operating systems
    • Understanding of security technologies and concepts, experience in design and implementation of secure network solutions including DMZs and web portals
    • Knowledge of Information Assurance and Information Operations technologies and development activities
    • Understanding of the processes and guidelines for Certifying & Accrediting (DCID, ICD, NIST 800-53, SANS 20) information systems based upon experience on a large-scale development program
    • Practical experience hardening IT systems in compliance with STE/STIG guidelines
    • Possesses or quickly develop a comprehensive understanding of Government Information Security policies, regulations, and guidelines
    • Experience and knowledge of networking (TCP/IP, topology, sockets and security), operating systems (Windows/UNIX/Linux), and web technologies (Internet security)

    Desired skills include:

    • Experience with Security Event Incident Management, Log Correlation and Network Behavior Anomaly detection systems (ArcSight, QRadar , Splunk, Mazu, Arbor, etc.)
    • Experience and/or familiarity with one of more of the following: Java, Swing, Hibernate, Struts, JUnit, Perl, Ruby, Python, HTML, C, C++, .NET, ColdFusion, Adobe, Assembly language, etc.
    • Demonstrated experience and/or familiarity with VMWare and virtual machines
    • Ability to write custom tools and modify existing intrusion detection tools
    • Experience with Agile development methodology
    • Experience with automated testing tools (e.g., RSpec, Cucumber, etc.)
    • Experience with one or more of the following:
      • Security COTS integration
      • Security Incident Event Management
      • Insider Threat Monitoring
      • Operating System Hardening
      • Vulnerability Assessment testing
      • Identification and Authentication schemes
      • Public Key Infrastructure and Identity Management
      • Cross Domain Solutions
      • Computer Network Exploitation (CNE)
      • Computer Network Operations (CNO)
      • Malware Analysis
      • Reverse Software Engineering
      • Security engineering


    • Certified Information Systems Security Professional (CISSP) certification required
    • DoD 8670 IAM Level II certification required
    • Information Systems Security Engineering Professional (ISSEP) or Information System Security Architect Professional (ISSAP) certification desired
    • Certified Ethical Hacker (CEH) certification desired
    • SANS/GIAC Reverse Engineering Malware (GREM) certification desired
    • ArcSight Certified Security Analyst (ACSA) or ArcSight Certified Advance Security Analyst (ACASA) certification desired

    An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.



    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed